Dynamic dual-mode service access control, location-based billing, and e911 mechanisms

ABSTRACT

A system that facilitates controlling network access comprises a lookup component that determines a geographic location associated with a public originating IP address, wherein the public originating IP address is associated with a request for dual mode services made by a dual mode client. A comparison component compares the determined geographic location with a retained geographic location associated with the dual mode client and determines whether to enable dual mode services based at least in part upon the comparison.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. patent application Ser. No.11/159,606, filed on Jun. 23, 2005, and entitled DYNAMIC DUAL-MODESERVICE ACCESS CONTROL, LOCATION-BASED BILLING, AND E911 MECHANISMS,which in turn claims the benefit of U.S. Provisional Patent applicationSer. No. 60/683,992 entitled DYNAMIC DUAL-MODE SERVICE ACCESS CONTROL,LOCATION-BASED BILLING, AND E911 MECHANISMS and filed May 24, 2005. Theentireties of these applications are incorporated herein by reference.

TECHNICAL FIELD

This invention relates to multimode services in a cellular network, andmore specifically, to access control with respect to one or more accesspoints.

BACKGROUND

The rapid advances and convergence of cellular and IP technologies posesmany new challenges for a provider in terms of not only meeting consumerdemands for IP and cellular services, but also in ensuring that suchservices are not compromised such that the provider loses revenue.Broadband communications carriers (e.g., DSL-Digital Subscriber Line andcable television systems) are continually offering increased bandwidthfor data downloads and uploads to subscribers over the Internet as ameans of not only providing data services for the ever-demandingmultimedia technologies, but also for voice communications utilizingVoIP (voice over IP).

Conventionally, in the context of a DSL and wireless application, a DSLor cable modem can be provided that is the connection to a broadbandcarrier. Typically, the DSL modem includes at least one port forreceiving a WiFi access point (AP). WiFi, or Wireless Fidelity, isdefined according to standards by IEEE 802.11 (a, b, g, etc.), andallows connection to the Internet from a couch at home, a bed in a hotelroom, or a conference room at work, without wires. WiFi is similar totechnology used in a cell phone that enables such devices, e.g.,computers, to send and receive data indoors and out; anywhere within therange of a base station. In order to access the broadband services, aPoint-to-Point Protocol over Ethernet (PPPoE) authentication service isprovided so that the subscriber, via a handset, can access the wide areanetwork link.

Unlicensed Mobile Access (UMA) technology provides access to GSM (GlobalSystem for Mobile Communications) and GPRS (General Packet RadioService) mobile services over unlicensed spectrum technologies (e.g.,Bluetooth™ and IEEE 802.11x media). UMA technology provides alternativeaccess to the GSM and GPRS core network services via IP-based broadbandconnections. Utilizing UMA, subscribers are able to roam and experiencehandover between cellular networks and public/private unlicensedwireless networks using multi-mode (e.g., dual-mode) mobile handsets,thereby receiving a consistent user experience when moving betweennetworks.

In operation, a mobile subscriber with a UMA-enabled, dual-mode handsetmoves into range of an unlicensed wireless network to which the handsetis allowed to connect. When the connection is made, the handset contactsa UNC (UMA Network Controller) over the broadband IP access network tobe authenticated and authorized for GSM voice and GPRS data services viathe unlicensed network. When approved, the subscriber's current locationdata stored in the core network is updated. From that point forward, allmobile voice and data traffic is routed to the handset via a UMAN (UMANetwork) rather than the cellular radio access network. When thesubscriber moves outside the range of the unlicensed network to whichthey are connected, the UNC and handset facilitate connection back tothe licensed outdoor network, the whole process of which is transparentto the user.

The access point (AP) in the broadband service is transparent to the UMAtechnology. As long as the UMA client has an IP connection, and has adestination address, signaling can flow from the handset to the UNC, andlogin can occur. A secure tunnel is then established from the UNC backto the client and the GSM authentication procedures can be initiated tothe UNC and access allowed. The UNC (and/or using WiFi) does not provideauthentication, does not validate, and cannot determine the physicallocation of the handset. Thus, it is possible for a subscriber to take aWiFi AP and the DSL modem to another location (e.g., a neighbor's house)and make the connection from the other location without the DSL carrierever knowing, thereby circumventing revenues to the carrier. This alsohas a negative impact with respect to E911 services where the locationof the subscriber is desired to be known.

SUMMARY

The following presents a simplified summary in order to provide a basicunderstanding of some aspects of the claimed subject matter. Thissummary is not an extensive overview, and it is not intended to identifykey/critical elements of the claimed subject matter or to delineate thescope thereof. Its sole purpose is to present some concepts in asimplified form as a prelude to the more detailed description that ispresented later.

The claimed subject matter relates to limiting a subscriber's ability toutilize access points to bypass wireless radio networks (and avoidfees). More particularly, dual mode services enable a multi-mode deviceto utilize a broadband network to send and receive data. When, forinstance, a dual mode device is within range of an access point to abroadband network (e.g., a wireless router), a request can be made toroute voice and data related to the dual mode device over the broadbandnetwork (rather than, for instance, a GSM network). Often, utilizingbroadband (e.g., VoIP) results in reduced cost to subscribers, renderingit desirable for such subscriber to utilize the broadband network.

When the dual mode device detects signals associated with an accesspoint (e.g., WiFi signals, Bluetooth signals, . . . ), such device canaccess a broadband network by way of the access point and undertake anauthorization/authentication procedure with respect to the access point.In more detail, an IP data packet can be provided to a component that ismaintained by a wireless service provider associated with the dual modeclient, such as a GSM network provider. The IP data packet can include,amongst other things, a public originating IP address that is associatedwith a broadband network provider, a MAC address assigned to the accesspoint, and data that identifies the dual mode device.

To determine whether the multi-mode device is authorized to utilizedual-mode services, an approximate geographic location of the dual-modedevice can be ascertained. For example, the public originating IPaddress can be utilized to search for a street address of the owner ofsuch address (e.g., the IP service provider). The MAC address and theascertained address can be compared with an authorized MAC address andstreet address (or city, county, . . . ). If the MAC address of theaccess point and the discerned approximate geographic location do notmatch an authorized MAC address and geographic location (retained withina database of the wireless network provider), dual-mode services willnot be enabled. Rather, the multi-mode device will continue to utilize aradio access network to send/receive data (e.g., phone calls, pictures,. . . ). If the MAC address of the access point and the discernedapproximate geographic location match an authorized MAC address andgeographic location (with respect to the dual-mode device), thendual-mode services will be enabled. In other words, data associated withthe dual-mode device will be routed by way of a broadband network.

To the accomplishment of the foregoing and related ends, certainillustrative aspects are described herein in connection with thefollowing description and the annexed drawings. These aspects areindicative, however, of but a few of the various ways in which theprinciples disclosed herein can be employed and is intended to includeall such aspects and their equivalents. Other advantages and novelfeatures will become apparent from the following detailed descriptionwhen considered in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a high-level block diagram of a system that facilitatescontrolling use of access points to access dual mode services.

FIG. 2 illustrates a multi-mode client that can utilize a broadbandnetwork to send/receive voice data.

FIG. 3 illustrates a block diagram of a system that facilitates billinga subscriber based at least in part upon an approximated geographiclocation.

FIG. 4 illustrates a methodology for determining whether or not to allowaccess to dual mode services with respect to a multi-mode client.

FIG. 5 illustrates a methodology for determining how to send/receivevoice data when dual mode services are requested.

FIG. 6 illustrates a system that facilitates control of network access.

FIG. 7 illustrates a methodology of controlling network access inaccordance with the subject innovation.

FIG. 8 illustrates a methodology of providing location-based billing inaccordance with another aspect.

FIG. 9 illustrates a more detailed system that provides network accesscontrol of a UMA client in accordance with another aspect of theinnovation.

FIG. 10 illustrates a methodology of authenticating by validating aphysical endpoint of the subscriber broadband connection and associatingthe subscriber to an IP address.

FIGS. 11 and 12 illustrate examples of record formats that can beemployed.

FIG. 13 illustrates a client registration procedure.

FIG. 14 illustrates a methodology of identifying and validating aphysical location of a broadband customer endpoint that is authorized toallow UMA service.

FIG. 15 illustrates a methodology of correlating a broadband physicallocation with the public originating IP address of the UMA client andsubsequently allowing or denying UMA service.

FIG. 16 illustrates a methodology of dynamically assigning a cell globalidentity to specific IEEE 802.11 access points during the UMA clientregistration procedure for the purpose of providing location-basedbilling.

FIG. 17 illustrates a methodology of dynamically assigning physicallocation information to UMA client sessions for the purpose of E911compliance.

FIG. 18 illustrates an alternative methodology of dynamically assigningphysical location information to UMA client sessions for the purpose ofE911 compliance.

FIG. 19 illustrates yet another alternative methodology of dynamicallyassigning physical location information to UMA client sessions for thepurpose of E911 compliance.

FIG. 20 illustrates another exemplary architecture according to oneinnovative aspect.

FIG. 21 illustrates a message flow for an IP registration procedure.

FIG. 22 illustrates message flow for a UMA registration andauthorization procedure.

FIG. 23 illustrates a schematic block diagram of a dual-mode handset(DMH) in accordance with an innovative aspect.

FIG. 24 illustrates a block diagram of a computer operable to providestorage and access such as for the UNC and/or HSS.

FIG. 25 illustrates an exemplary GSM network that facilitates DMS accesscontrol, location-based billing, and E911 mechanisms according to aninnovative aspect.

DETAILED DESCRIPTION

The claimed subject matter is now described with reference to thedrawings, wherein like reference numerals are used to refer to likeelements throughout. In the following description, for purposes ofexplanation, numerous specific details are set forth in order to providea thorough understanding of the claimed subject matter. It may beevident, however, that such matter can be practiced without thesespecific details. In other instances, well-known structures and devicesare shown in block diagram form in order to facilitate a description ofthe claimed subject matter.

As used in this application, the terms “component” and “system” areintended to refer to a computer-related entity, either hardware, acombination of hardware and software, software, or software inexecution. For example, a component can be, but is not limited to being,a process running on a processor, a processor, a hard disk drive,multiple storage drives (of optical and/or magnetic storage medium), anobject, an executable, a thread of execution, a program, and/or acomputer. By way of illustration, both an application running on aserver and the server can be a component. One or more components canreside within a process and/or thread of execution, and a component canbe localized on one computer and/or distributed between two or morecomputers.

The claimed subject matter relates to restricting a user to certain,authorized access points in connection with utilizing dual modeservices. Conventionally, a wireless network provider (e.g., a GSMnetwork provider) associates a MAC address with a subscriber, and allowsthe subscriber to bypass the GSM network so long as the MAC addressassociated with the access point matches the authorized MAC addressassigned to the subscriber. A user could easily change location of theaccess point, however, and circumscribe systems for managing where usersare authorized to use WiFi, for example, to access dual-mode services(e.g., bypass a GSM network through utilization of a packet-switchednetwork). In a detailed example, a user that travels between countriesmay simply take their router with them (which can include a retained MACaddress) and use dual-mode services to avoid paying internationalroaming fees. Such a scenario can result in significant loss of revenueto a wireless network provider (as well as increased costs to customerswho utilize dual-mode services as intended by the wireless serviceprovider).

Described herein is a service-provider perspective on managing wheresubscribers may use WiFi, Bluetooth, etc. to access DMS (dual-modeservices) as well as limiting access points that subscribers can employto access DMS. For the purpose of illustrating this concept, the DMStechnology can be UMA (unlicensed mobile access), IMS (IP multimediasubsystem) VoIP, or any other suitable system/protocol. Thisservice-provider perspective offers a concept to build upon existing UMAand broadband security procedures to enable a UNC-SGW (UMA networkcontroller-security gateway) to validate the public originating IPaddress of a UMA client. In one solution, the physical location of thebroadband endpoint is used to control DMS access, provide dynamiclocation based billing, and dynamically comply with E911 regulations.Additionally, the claimed subject matter can apply to DSL broadbandnetworks, cable modem networks, WiMAX-based broadband networks, or anyother suitable broadband networks.

In one implementation, the DMS does not restrict the physical endpoint.The broadband service and RBGW (residential broadband gateway) aretransparent to the DMS. Note that for the purposes of illustrating theinnovation, the DMS technology will be described in the context of UMA,but can also be IMS VoIP technology.

Turning specifically to FIG. 1, a system 100 that enables restriction toone or more access points in connection with DMS is illustrated. Thesystem 100 includes an access point 102, which can be, for instance, awireless router, a repeater, or any other suitable device that enables aportable device to access DMS. For example, the access point 102 cancommunicate by way of WiFi, Bluetooth, or any other suitable protocol. Amulti-mode client 104 can utilize the access point 102 to connect to acarrier broadband network 106, such as one that is provided by a cableservice provider, a DSL network, a WiMAX-enabled network, or any othersuitable broadband network. The carrier broadband network 106 can beutilized to communicatively couple the multi-mode client 104 to a lookupcomponent 108 that is maintained by a wireless network provider, such asa GSM network provider. The lookup component 108 can be utilized inconnection with authentication and authorization of the multi-modeclient 104 with respect to, for instance, GSM voice and/or GPRS dataservices. If approved, all mobile voice and data traffic can be routedto the multi-mode client 104 over, for instance, a UMA network insteadof the wireless network (radio access network).

During service registration, when the multi-mode client 104 goes throughthe process of authenticating itself and establishing a secure IP tunnelwith a GSM network, the multi-mode client 104 provides the GSM networkwith one or more IP packets. Within at least one of the packets (e.g.,in a packet header) a public originating IP address can be provided. Inmore detail, an IP service provider that provides access to a broadbandnetwork with respect to the access point 102 will be associated withvarious IP addresses that can be assigned to users of the carrierbroadband network 106. Each of the IP addresses maps to a serviceprovider and a location of such service provider. The multi-mode client104 can additionally provide a MAC address of the access point 102 whenundergoing authentication and authorization.

The lookup component 108 can receive the public originating IP addressand determine an originating location of the IP address (e.g., ageographic location of an IP service provider associated with the IPaddress). For instance, the lookup component 108 can access a data store110 that includes public originating IP address information 112.Pursuant to an example, contents of the data store 110 can be indexedaccording to IP address, such that a physical address of an IP providerassociated with the public originating IP address can be determined.

The lookup component 108 can be communicatively coupled to a comparisoncomponent 114, which can access a data store 116 that includes datarelating to subscriber rights 118. More particularly, the data store 116can include subscribers, authorized MAC addresses associated with thesubscribers, and authorized locations with respect to DMS. Pursuant toan example, the comparison component 114 can receive data thatidentifies a subscriber associated with the multi-mode client 104, andcan then retrieve authorized MAC addresses and geographic locations(e.g., cities) associated with the subscriber. The lookup component 108can provide the geographic location associated with the publicoriginating IP address to the comparison component 114, which cancompare such location with the location within the subscriber rights 118of the data store 116. If the comparison component 114 determines thatthe location ascertained by the lookup component 108 matches that withinthe data store 116, then the multi-mode client 104 will be authorized toutilize DMS (e.g., utilize a packet-switched network for voice and datadelivery and reception).

If the comparison component 114 discerns that the location associatedwith the public originating IP address within the IP data packetprovided by the multi-mode client 104 is different from authorizedlocation(s) within the data store 116, then the comparison component 114can be utilized in connection with denying use of DMS. For example, themulti-mode client 104 can be forced to utilize a radio access network(such as a GSM network) for voice and data transmittal (and incur feesassociated with use of such network). The comparison component 114 caninform the multi-mode client 104 of the prevention of access by way ofthe carrier broadband network 106. The comparison component 114, ifdesired, can additionally compare a MAC address associated with theaccess point 102 with an authorized MAC address, and can prevent use ofDMS if the two MAC addresses do not correspond.

Now turning to FIG. 2, an example environment 200 illustrating when adetermination can be made regarding authorization of a multi-mode clientwith respect to DMS is illustrated. A multi-mode client 202 can enter aregion where such client 202 can utilize WiFi, Bluetooth, or the like toaccess a broadband network. Such region is referred to as an accesspoint range 204. Once the multi-mode client enters the access pointrange 204, it can initiate an authentication and authorization procedurewith a wireless service provider. For instance, having phone calls ordata routed to a broadband network may be associated with reduced costto a subscriber when compared with using a GSM network for phone callsand data. The multi-mode client 202 can provide a component maintainedby the wireless service provider with an IP data packet that includesthe public originating IP address related to a broadband networkprovider associated with the access point.

The IP data packet can additionally include a MAC address of the accesspoint and data that identifies the subscriber and/or the multi-modeclient 202. The public originating IP address can then be provided to alookup service or component, which can determine a location of the IPaddress (e.g., location of an IP service provider that owns the IPaddress). If an authorized location does not correspond to thedetermined location (from the public originating IP address), themulti-mode client will be denied use of DMS (denied routing of data overa packet-switched network). The procedure can be undertaken each timethat the multi-mode client enters the access point range 204 (and is notnecessary for each call made by the multi-mode client 202). Thus, if themulti-mode client 202 leaves the access point range 204 and re-enters ata later time, the authorization and authentication procedure repeatsupon re-entry.

Referring now to FIG. 3, a system 300 that facilitates enforcingrestrictions with respect to access points is illustrated. The system300, like the system 100 (FIG. 1) includes an access point 302 that canemit WiFi, Bluetooth, or other suitable wireless signals. A multi-modeclient 304 can detect the signals and utilize the access point 302 toconnect to a carrier broadband network 306. The multi-mode client 304can request authorization to employ dual mode services (e.g., have phonecalls and data routed from a GSM network to the carrier broadbandnetwork 306). Such request can include provision of an IP data packet toa lookup component 308 maintained by a wireless service provider (e.g.,a GSM network provider), wherein the IP data packet can include a publicoriginating IP address that is associated with the access point 302 (aswell as a MAC address of the access point 302) and data that identifiesthe multi-mode client 304 or a subscriber associated therewith. Thelookup component 308 can search a data store 310 that includes publicoriginating IP address information 312 through use of the publicoriginating IP address within the IP data packet. For instance, alocation of an IP service provider can be determined upon receipt of thepublic originating IP address.

The location of the public originating IP address can be provided to acomparison component 314, which can compare such location with locationstored within a data store 316. More particularly, the data store 316can include subscriber rights 318 that describe MAC addresses a user canemploy in connection with DMS as well as locations where the user isauthorized to employ DMS. If the comparison component 314 determinesthat the location discerned by the lookup component 308 corresponds toan authorized location with respect to the user (retained within thedata store 316), then the multi-mode client 304 can be provided accessto DMS. If the comparison component 314 determines that the locationascertained by the lookup component does not correspond to an authorizedlocation within the data store 316, then access to DMS can be denied.

The system 300 can additionally include a billing component 320 that canproperly bill a subscriber as they switch between solely utilizing a GMSnetwork, for instance, and having calls routed through a packet-switchednetwork. For example, call time associated with a GMS network can be ata first billing rate while call time associated with a packet-switchednetwork may be at a second billing rate. The system 300 can also includea service update component 322 that enables the data store 316 to beupdated (e.g., an additional authorized location can be added) if themulti-mode client 304 is not authorized access to DMS based upon theircurrent location. For example, the service update component 322 cangenerate a graphical user interface and provide it to the multi-modeclient 304, such that the user can be provided access to DMS (for a fee)with respect to current location. Moreover, the service update component322 can implement time restrictions with respect to accessing DMS at themulti-mode client's current location. In a particular example, theservice update component 322 can generate a graphical user interface andprovide it to the multi-mode client 304, giving a subscriber an optionto purchase use of the access point 302 for a threshold amount of time.In another example, a subscriber may have purchases a service packagethat enables such subscriber to access DMS at three different locations(e.g., at home, at work, and at a coffee house), but the subscriber hasyet to specify all three locations. The billing component 320 can thenbill the subscriber accordingly.

Turning to FIGS. 4 and 5, methodologies relating to restricting use ofDMS based upon current location of a dual mode client are illustrated.While, for purposes of simplicity of explanation, the methodologiesshown herein, e.g., in the form of a flow chart or flow diagram, areshown and described as a series of acts, it is to be understood andappreciated that the claimed subject matter is not limited by the orderof acts, as some acts may, in accordance therewith, occur in a differentorder and/or concurrently with other acts from that shown and describedherein. For example, those skilled in the art will understand andappreciate that a methodology could alternatively be represented as aseries of interrelated states or events, such as in a state diagram.Moreover, not all illustrated acts may be required to implement amethodology in accordance with the claimed subject matter.

Referring specifically to FIG. 4, a methodology for controlling accessto DMS is illustrated. At 400, a request to access DMS is received froma dual mode client (e.g., a portable telephone). For example, the dualmode client may come within range of an access point, and can detectWiFi signals output by such access point. Additionally or alternatively,the access point can output Bluetooth signals or any other suitablewireless signals that facilitate connection of the dual mode client witha broadband network. During the request, the dual mode client cangenerate an IP data packet that can include a public originating IPaddress (an IP address associated with an IP service provider), datathat identifies the dual mode client (or a subscriber associatedtherewith), and a MAC address of the access point.

At 402, the IP data packet generally, and the public originating IPaddress in particular, can be received at a component that is maintainedby a wireless network provider (e.g., a GSM network provider). At 404,the approximate location of the dual mode device is determined basedupon the public originating IP address. For instance, a service thatlocates a geographic address (e.g., 15 State Avenue, New York, N.Y.) ofthe IP service provider by analyzing the public originating IP addresscan be employed to determine the approximate location of the dual modeclient. It is understood, however, that any suitable service that can atleast approximately locate the dual mode client is contemplated by theinventor and is intended to fall under the scope of the hereto-appendedclaims.

At 406, a determination is made regarding whether or not to allow accessto dual mode services based at least in part upon the determinedlocation. More particularly, a wireless service provider can include adatabase that retains rights associated with various subscribers. Forinstance, it may be desirable to restrict a subscriber to an accesspoint within a certain location (rather than allow the subscriber to useany available access points). Thus, the database can includerestrictions relating to MAC address of an access point and approximategeographic location of such access point (as ascertained by a geographiclocation of the IP service provider). Thus, if the MAC address and thelocation associated with the public originating IP address within therequest correspond to a MAC address and location within the database(defining the subscriber's rights), the request for dual DMS will begranted. If the MAC address and the location associated with theoriginating address within the request do not correspond to the MACaddress and location within the database, the request for DMS will bedenied and the subscriber will be forced to utilize a radio accessnetwork (e.g., a GSM network) and incur fees associated therewith.

Now turning to FIG. 5, a methodology for requesting DMS is illustrated.At 500, a dual mode client enters range of an access point. Forinstance, the dual mode client can recognize and interpret WiFi signalsoutput by an access point, such as a wireless router or a repeater. At502, the dual mode client accesses a broadband network associated withthe access point and a public originating IP address relating to theaccess point/dual mode client is provided to a component maintained by awireless network provided. At 504, a determination is made regardingwhether access to DMS is authorized. As described above, suchdetermination is based at least in part upon a geographic locationassociated with the provided public originating IP address. If it isdetermined that access to DMS is authorized, then the dual mode clientcan send/receive voice/data by way of a broadband network associatedwith the access point (typically at a reduced rate or free) at 506. Ifit is determined that access to DMS is not authorized, then at 508voice/data can be sent or received by way of a radio access network,such as a GSM network. Utilization of a radio access network istypically associated with greater fees when compared to use of abroadband network (e.g., VoIP) to send and receive data.

Now referring to FIG. 6, a system 600 that facilitates control ofnetwork access is illustrated. As described above, the claimed subjectmatter facilitates validation and authentication of the physicallocation of a multi-mode (e.g., DMS) UMA system, thereby restricting thehandset from gaining access from unauthorized locations. Thus, access todual-mode UMA services, for example, at a particular location (e.g., ina subscriber's home, or in a hot spot that is controlled by a carrier)can now be managed to allow or deny service at that location.

Accordingly, the system 600 includes an unlicensed wireless network(UWN) 602 that facilitates communications for a multi-mode UMA client604 to a radio network. An access component 606 of the radio network isprovided that controls access to the radio network by the UMA client 604based on a physical location of the UMA client 604. In oneimplementation, the UMA client 604 is a dual-mode mobile handset. TheUWN 602 can be a broadband IP network such as a digital subscriber line(DSL) technology, a cable television network, T1/E1, broadband wireless,FTTH (Fiber to the Home), . . . . The radio network can be a GSM (globalsystem for mobile telecommunications) network and/or a GPRS (generalpacket radio services) network.

The UWN 602 typically includes a modem (e.g., DSL and/or cable modem)that includes a unique identifier (e.g., a MAC address). Moreover, themodem is assigned a unique IP address by the provider, which IP addressis then assigned to the subscriber account information such that thelocation of the modem can be determined. Thus, with respect tovalidation, when the UMA client 604 is utilized using existing GSMprotocols and procedures, the validation request is encapsulated in IPand routed through the broadband connection gaining access to the GSMnetwork to provide the same data and voice services that are provided onthe GSM network while in the unlicensed WiFi network, using thebroadband connection (e.g., DSL) as the GSM transport. A server on theradio network provides the mapping from the modem MAC address to thehandset to the subscriber home location (where the physical location isthe subscriber's home).

Now that the physical location of the client 604 can be known, thesystem 600 can further comprise a billing component 608 that facilitatesbilling based on the physical location of the client 604. For example,if the subscriber is at home, the call via a handset that employs theclient can be structured by the provider to be free. However, if thesubscriber is making a call via the UMA client handset at a remotelocation (e.g., a retail establishment), it is now possible to chargefor that connection at a different fee. Furthermore, now that thephysical location of the UMA client handset can be determined, thisfurthers the mandates of E911 compliance.

FIG. 7 illustrates a methodology of controlling network access inaccordance with the subject innovation. At 700, a UWN that supports IPpackets is received that provides access to a radio network. At 702, aclient (e.g., UMA) of a subscriber initiates access to the radio networkvia the UWN. At 704, the physical location of the client is determinedusing a UWN identifier. At 706, access to the radio network is eitherallowed or denied based on the physical location of the client.

Referring now to FIG. 8, there is illustrated a methodology of providinglocation-based billing for a UMA client in accordance with anotheraspect. At 800, a UWN that supports IP packets is received that providesaccess to a radio network. At 802, a UMA client of a subscriberinitiates access to the radio network via the UWN. At 804, the physicallocation of the UMA client is determined using a UWN identifier. At 806,access to the radio network is either allowed or denied based on thephysical location of the UMA client.

FIG. 9 illustrates a more detailed system 900 that provides networkaccess control of a UMA client 902. In the UMA architecture, at leastthe following elements exist: the UMA client in the handset 902, a UNC904 that provides the interface to the core network via 3GPP specifiedA/Gb interfaces, an MSC (mobile switching center) 906, a RADIUS server908, a presence manager (PM) 910 and a HSS (home subscriber server) 912.Conventionally, the UMA handset 902 communicates over an unlicensedwireless network (e.g., WiFi, Bluetooth, . . . ) to an IP access network914 (e.g., broadband DSL) to the UNC 904 to be authenticated andauthorized for access to core network GSM voice and/or GPRS dataservices. If approved, the subscriber's current location informationstored in the core network is updated, and all mobile voice and datatraffic is routed to the UMA handset 902 over the UMA network (UMAN),instead of the radio access network.

In one implementation, the claimed subject matter related to addition ofnovel functionality to the RADIUS server 908 in the form of a RADIUSpresence agent 920 and/or to the UNC 904 in the form of a UNC presenceagent 922 via a new database. The presence agents (920 and 922)facilitate communication of presence notification messages. The newdatabase can be located anywhere, for example, in the HSS 912. The HSS912 then functions at least like a new RADIUS server.

The DMS presence notification message can include a DSL account E.164number, an IP address, a UMA E.164 number, IMSI (international mobilesubscriber identity), and/or subscriber physical location information(e.g., street address, and the like). The IMSI is an ITU-T specificationthat uniquely identifies a subscriber to a mobile telephone service. TheIMSI is used in a GSM network, and can be used in all cellular networksto identify at least the phone's home country and carrier. Once thepresence and location information associated with this IP address isreceived, when the UMA client 902 registers on the UNC 908, the UNC willread the IMSI and the public originating IP address. During the UMAregistration procedure, the UMA client sends the following informationto the UNC: the IMSI, the AP ID, and the public originating IP address.The system can now go to the HSS 914 and do a search on the IP E.164address and check to see if it is a valid IP address for this UMA client902. If yes, then the system will validate the number and grant service.If the DMS is queried and a valid record is not returned, then theaddress originated from the IP address was one which was not authorized.The DSL carriers can assign specific discreet location information thatcorresponds to an IP address.

As described supra, a service-provider perspective is provided forcontrolling where a subscriber can use WiFi to access DMS. Theservice-provider perspective builds upon existing UMA and broadbandsecurity procedures to enable the UNC-SGW to validate the publicoriginating IP address of the UMA client. Solutions include the use ofthe physical location of the broadband endpoint to control DMS access,provide dynamic location based billing, and dynamically comply with E911regulations. Although the subject description focuses on the DSLbroadband network, the same concept can be applied to non-DSL networkssuch as cable modem networks, T1/E1, FTTH, etc.

Carriers can now charge differently for converged services depending onwhere the subscriber is located. For example, if the subscriber uses theparent's DSL service in the home, the call is free. If the subscriberuses a WiFi hotspot at local retail store, the call can be charged atthe normal GSM rates, or differently than in the subscriber home.

FIG. 10 illustrates a methodology of authenticating by validating aphysical endpoint of the subscriber broadband connection and associatingthe subscriber to an IP address. At 1000, during the broadband startupprocedure (e.g., the PPPoE initiation procedure), the broadband modemwill login and obtain an IP address from the Network Access Server'sdynamic address pool. For example, as part of the access procedure theRADIUS server will associate the assigned IP address with the broadbandaccount identity (e.g., the POTS (plain old telephone system) E.164number). At 1002, after associating the IP address with the broadbandaccount identity, the broadband service provider sends a presencenotification message to a new DMS subscriber authorization database(DAD), as indicated at 1004. The presence notification message caninclude information used by the UNC-SGW to authorize the UMA client touse the broadband connection based on the broadband account identity andIMSI parameter. At 1006, during the registration procedure, the UMAclient provides the IMSI, originating public IP address, and the MACaddress of the access point. At 1008, the UNC-SGW validates the UMAclient's IMSI and public originating IP address pair with the DAD.

The DAD is a virtual element that can reside in the UMAN, and can bepart of a larger subscriber database such as the HLR (Home LocationRegister), HSS (Home Subscriber Server), AAA server, or carrier-specificdatabase. Key functions of the DAD include receiving presencenotification messages from broadband service providers, correlating thebroadband account identity and public IP address with the UMAsubscriber's IMSI and with the current IMSI and IP address, andaccepting or rejecting authorization requests from the UNC-SGW based onthe UMA client IMSI and originating public IP address.

The DAD can be provisioned with an appropriate information record foreach authorized broadband identity. FIGS. 11 and 12 illustrate examplesof record formats 1100 and 1200 that can be employed. A first recordformat 1100 can include the following information. Field NameDescription IMSI International Mobile Subscriber Identity IP AddressPublic originating IP address of the subscriber's broadband CPE(customer premise equipment) Broadband The account number to identifythe subscription owner, Identity can be the same as the POTS E.164number. Location Optional field with physical location information ofthe broadband endpoint. May be the street address or geo coordinatesused for E911 location information.

A second record format 1200 (FIG. 12) can include the followinginformation. Thus, the database record can include the IMSI and theE.164 number. Field Name Description IMSI International MobileSubscriber Identity IP Address Public originating IP address of thesubscriber's broadband CPE Broadband The account number to identify thesubscription owner, Identity can be the same as the POTS E.164 number.Location Optional field used by the UNC to determine the Billing Codeappropriate CGI (cell global identity) value to be used in the CDR (calldetail record). Location Optional field with physical addressinformation of the Address broadband endpoint. Location Geo Optionalfield with lat/long of the endpoint used for Coordinates E911compliance.

The broadband service provider's security and access control procedurescan be provisioned with one or more IMSIs authorized to use thebroadband connection.

The UNC registration procedure can include the following MS (mobilestation) and AP (access point) addressing parameters (as provided by theUMA specification UMA Stage 2):

-   The IMSI associated with the SIM in the terminal. This identifier is    provided by the MS to the UNC when it registers to a UNC. The UNC    maintains a record for each registered MS. For example, the IMSI is    used by the UNC to find the appropriate MS record when the UNC    receives a BSSMAP (base station system management application part)    PAGING message. The BSSMAP protocol is also used to convey general    BSS (base station system) control information between an MSC (mobile    switching center) and the BSS. An example is the allocation of    traffic channels between the MSC and the BSS.-   Public IP address of the MS. The public IP address of the MS is the    source IP present in the outermost IP header of packets received    from the MS by the UNC-SGW. If available, this identifier may be    used by the UNC to support locations services and fraud detection.    It may also be used by service providers to signal managed IP    networks IP flows that require QoS (quality of service) treatment.-   The Access Point (AP) ID. The AP-ID is the MAC address of the    unlicensed mode access point through which the MS is accessing UMA    service. This identifier is provided by the MS (obtained via    broadcast from the AP) to the UNC via the Up interface, when it    requests UMA service. The AP-ID may be used by the UNC to support    location services. The AP-ID may also be used by the service    provider to restrict UMA service access via only authorized APs.

FIG. 13 illustrates a client registration procedure. At 1300, a clientregistration procedure is initiated. At 1302, the UNC-SGW validates theclient IMSI and originating public IP address against the DAD.

FIG. 14 illustrates a methodology of identifying and validating aphysical location of a broadband customer endpoint that is authorized toallow UMA service. At 1400, an IP router is received that interfaces theUWN to the broadband service provider through the broadband modem. Onthe IP router, the subscriber username and password is entered, whichinformation is sent to the broadband service provider (e.g., DSLprovider), for authentication via a RADIUS server, as indicated at 1402.At 1404, the provider then authenticates that username and password asbeing a valid subscriber, and enables service. At that time, theprovider allocates a dynamic IP address (or static IP address) that willbe assigned and accepted by the broadband modem. This is handled by theRADIUS server in the broadband network. At 1406, the RADIUS servercollects the username/password, validates the subscriber, and starts theaccounting process, and knows the IP address of the subscriber and thatthe particular subscriber has network access.

In accordance with the claimed subject matter, functionality is added totake the information it has collected during the subscriber login andcreate the presence message that will be transmitted over to the GSMnetwork. Accordingly, at 1408, a presence notification message is sentthat includes the broadband E.164 number, a GSM E.164 number, and thephysical location data (street address, etc.). At 1410, this data getssent over to a standard presence interface on the GSM network, which GSMnetwork accepts it, and stores it into a database.

Referring now to FIG. 15, there is illustrated a methodology ofcorrelating a broadband physical location with the public originating IPaddress of the UMA client and subsequently allow or deny UMA service. At1500, the UMA client enters into the home, detects the WiFi network and,receives an IP address and WiFi security data. At 1502, a UMA clientregistration procedure is automatically started back to the UNC on theGSM network. The registration process includes sending the IP address ofthe broadband modem and the IMSI to the UNC to setup the secure tunneland start the standard GSM authentication procedures.

In accordance with added novel functionality of the UNC, once the UNCcollects the IMSI and IP address, the UNC initiates a query to thedatabase (e.g., the HSS DIAMETER database) to get the E.164 DSL number,and the IMSI, as indicated at 1504. At 1506, using the locationinformation, the UNC collects that information and goes back to thelegacy GSM network and queries the network to validate the dual modeservices. At 1508, a determination is made whether the broadbandphysical location is one of the valid serving areas for that particularUMA client. At 1510, in accordance with the determination, service isthen allowed or denied.

FIG. 16 illustrates a methodology of dynamically assigning a cell globalidentity to specific IEEE 802.11 access points during the UMA clientregistration procedure for the purpose of providing location-basedbilling. The UNC has the capability to generate signaling to the MSC,which will generate a CDR (call detail record), which will have a cellglobal identity (CGI), and that consists of the location area identityplus cell ID. In accordance to novel functionality added to the UNC, at1600, the UNC determines if the physical location is a valid servingarea for the UMA client. At 1602, when the UNC validates and determinesthat that particular physical location is valid for that UMA client, itgrants dual-mode services. At 1604, the UNC dynamically creates a newrecord in the UMA billing mechanism. At 1606, a CGI number is generatedand assigned for that physical location. At 1608, as the UNC generatesCDRs, a dynamically created CGI is applied for those particular callrecords. Almost all new functionality is provided in UNC via thepresence agent. There can also be functionality added to the RADIUSserver for the broadband component via a RADIUS presence agent. At 1610,the subscriber can then be billed according to the CDRs that weregenerated in association with the physical location.

Referring now to FIG. 17, there is illustrated a methodology ofdynamically assigning physical location information to UMA clientsessions for the purpose of E911 compliance. At 1700, the physicallocation information is collected and stored in a database. Thisdatabase can reside in the UNC, and/or in the HSS where there is anotification sent that triggers an E911 database update procedure or inboth the UNC and the HSS, for example. At 1702, the physical locationinformation is then assigned to that particular GSM E.164 number. At1704, the GSM E.164 number can be used to update a PSAP (public safetyanswering point) database with physical location data for that E.164number. The PSAP is the first contact an E911 caller will get. The PSAPoperator verifies or obtains the caller's whereabouts (locationinformation), determines the nature of the emergency and decides whichemergency response teams to notify.

FIG. 18 illustrates an alternative methodology of dynamically assigningphysical location information to UMA client sessions for the purpose ofE911 compliance. At 1800, the physical location information is collectedand stored in a database. This database can reside in the UNC, and/or inthe HSS where there is a notification sent that triggers an E911database update procedure or in both the UNC and the HSS, for example.Alternatively, at 1802, the physical location can be assigned as a pANI(pseudo automatic number identification) for the base transceiverstation (BTS) towers. The pANI is a modification of the ANI, and is usedto pass information across systems that can handle ANI traffic. The pANIis a number employed in wireless E911 call setup that can be used toroute the call the appropriate PSAP. The pANI generally identifies thecell/sector from which the call was made, whereas the ANI carries theactual telephone number of the wireline caller. Thus, at 1804, an E911call center can obtain the telephone number and a general location ofthe caller based on the pANI number. In one implementation, a pseudotelephone number is created and assigned to a BTS tower, a cell sector,and stored in a PSAP database.

FIG. 19 illustrates yet another alternative methodology of dynamicallyassigning physical location information to UMA client sessions for thepurpose of E911 compliance. At 1900, the caller initiates an E911 callthrough the broadband network. At 1902, the UNC correlates the GSM E.164number with the broadband E.164 number (e.g., DSL E.164 number). At1904, the UNC transposes the E.164 numbers when sending the digits tothe selected tandem. That way, the UNC makes it appear as though thecall is originating from a land line. The broadband E.164 number willalready have that physical street address for that telephone number.

FIG. 20 illustrates another exemplary architecture 2000 according to oneinnovative aspect. For the purpose of illustrating this Dynamic DMSAccess Control concept, a dual mode handset (DMH) 2002 is provided,which can be a UMA handset. However, it is within contemplation that IMSVoIP handsets can also be supported. The innovation has zero impact onthe DMH and reuses the IMSI and public originating IP address during theUMA registration procedure.

The wireless handset 2002 communicates with an RBGW 2004. This element2004 can include any or all of a broadband modem (in this case a DSLmodem), an IP router, a WiFi access point, and analog terminal adapters.The RBGW 2004 uses the PPPoE protocol for IP access to a broadbandnetwork 2006. The RBGW interfaces to a RADIUS (remote authenticationdial-in user service) 2008, which authenticates the RBGW, authorizesservice, and assigns an IP address, for example.

A presence user agent (PUA) 2010 interfaces to the RADIUS server 2008and the broadband network 2006. The PUA 2010 provides functionality tonotify the 3GPP network of the physical attributes (e.g., identity, IPaddress, and location) of the broadband endpoint.

A UNC 2012 interfaces to the broadband network 2006 and includes the SGWthat authenticates and authorizes service to the DMH client 2002 (e.g.,UMA). A new function (a presence user agent) in the UNC is introducedthat queries an HSS 2014 to validate broadband endpoints during the UMAregistration procedure. A presence server 2016 is provided that receivespresence information from the PUA 2010 and updates the subscriber recordin the HSS 2014. The HSS 2014 is part of the IMS core used forsubscriber provisioning and stores profiles. A new schema is introducedto support the correlation of broadband identities and IP addresses withIMSI data. This concept assumes the HSS includes the DAD.

Following are two message flows that impact the broadband linkactivation and UMA client registration procedures. For simplicity, notall messaging procedures are shown and some procedures may besimplified. The RADIUS element is assumed to include the network accessserver and aggregator functions.

FIG. 21 illustrates a message flow for an IP registration procedure. APPPoE session is started and established between the RBGW and RADIUSnode. This process authenticates the RBGW, initiates a PPP session,assigns an IP address, and starts accounting. A result is that an IPaddress is assigned to the RBGW (e.g., a DSL modem). The RADIUS nodethen notifies the PUA of the broadband service identity, typically thePOTS E.164 number, and the IP address assigned to the RBGW. Thisnotification triggers the PUA to query the broadband subscriber database(not shown) to determine if the broadband identity is allowed to supportDMS. If DMS is allowed, the PUA collects the endpoint locationinformation from the broadband subscriber database. A result is that DMSauthorization is validated for the broadband endpoint. Another result isthat a DMS authorization and presence message is created. The PUA thensends the DMS authorization and presence message to the presence server.This notification triggers the presence server to initiate a subscriberprofile update in the DAD, here located in the HSS. The presence serverupdates the subscriber's record in the DAD, in this case the HSS, withthe public originating IP address of the authorized broadband endpoint.The UNC uses this information during the UMA registration procedure. Atthis point, IP address registration is complete.

FIG. 22 illustrates message flow for a UMA registration andauthorization procedure. Initially, a PPPoE is session is active to theRBGW. The DMH initiates and completes a WiFi association process thatincludes the IEEE 802.11 security. The DMH initiates the UMAregistration procedure with the UNC. The UNC identifies the IMSI andpublic originating IP address in the registration message and IPpackets. The UNC queries the HSS for the IMSI and public originating IPaddress. If found, the UNC allows DMS access for this broadbandendpoint. If not, access is denied. A result is that the publicoriginating IP address and IMSI are authorized. The UMA client and UNCcomplete the UMA registration process including SIM Authentication (notshown) and an IPsec tunnel. The UMA client registration is thencomplete.

In a scenario of multiple access points served by a single, publicoriginating IP address, and because the UMA client can include theaccess point MAC address during the UMA registration procedure, acombination of public originating IP address and access point MACaddress can be used to identify UMA caller's E911 location.

With respect to a broadband provider, the subject innovation canenvision that a static IP address is required to support E911 forenterprise environments that use a single, public originating IP addressto serve multiple WiFi access points in multiple locations. However,dynamic IP addressing can also be used to support the enterprise.

A broadband provider concept envisions a self-provisioning mechanismwhereby the subscriber and/or DMS provider can be allowed to update abroadband account profile to set DMS permissions for the broadbandendpoint. With regards to provisioning, each broadband account can beprovisioned to allow or deny the self-provisioning of DMS-allowedIMSI(s). The broadband subscriber controls which DMS E.164 (or IMSIs)are allowed to use his or her broadband service. Each broadband accountcan be self-provisioned by the subscriber or other mechanism with one ormore IMSIs that are allowed DMS from this endpoint. One method may befor the DMS provider to update the broadband account with a list ofauthorized IMSIs. The broadband provider can enable a PPPoE accessconcentrator to trigger the appropriate presence notification to the DADvia the PUA.

With respect to a DMS provider, the innovation can assume that noadditional per subscriber provisioning is required. The DAD can use theIMSI as the key field. The DAD can be dynamically provisioned as part ofthe standard DMS provisioning process. A presence server can be employedto receive notifications from the broadband provider PUA and update theDAD. The DMS authentication and access control element (in this case theUNC-SGW) can query the DAD during the DMS registration procedure toallow or deny DMS based on the DMH IMSI and public originating IPaddress.

E911 call handling and database procedures require the DMS provider toidentify the appropriate PSAP via the E911 tandem or selective router.The DMS provider associates the location of the broadband endpoint withthe appropriate PSAP. The DMS provider may update an automatic locationinformation (ALI) database with the current information of the DMS E.164number. The DMS Provider can enable the DMS E911 call to masquerade as afixed wireline call by replacing the DMS E.164 number's calling number(ANI) ID with the broadband E.164 number. This procedure puts DMS E911calls on par with fixed wireline E911 calls. The DMS handset can providea visual indicator to inform the subscriber of his or her E911 locationstatus (e.g., good, unavailable, other). The DMS provider can provide anE911 location update to the DMS handset and expose this information tothe subscriber.

The enterprise is responsible for updating (e.g., mechanized and/or viathe broadband provider) the DAD with the current and accurate locationinformation for access points in the enterprise. In a scenario where astatic IP and/or address space is assigned to a physical endpoint, amanual process can be used to update the DAD. In a case where multipleaccess points are served by a single broadband endpoint, a manualprocess can be implemented to associate an access point MAC address withthe physical endpoint location. See the following DAD record example formultiple access points. Field Name Value AP_MAC_ADDRESS00-05-9A-3C-78-00 BROADBAND_ID 404-555-1212 AP_LOCATION 5565 GlenridgeConnector, 9^(th) floor

After the UNC queries the DAD and authorizes the public originating IPaddress, a second query can be made to search for an access pointrecord. If the access point is found and its BROADBAND_ID field matchesthe broadband record BROADBAND_ID field, the E911 location informationis set to the AP_LOCATION value. This technique for supporting multipleaccess points can require new development to the PSAP and/or ALI.

FIG. 23 illustrates a schematic block diagram of a dual-mode handset(DMH) 2300. In order to provide additional context for various aspectsthereof, FIG. 23 and the following discussion are intended to provide abrief, general description of a suitable environment 2300 in which thevarious aspects of the claimed subject matter can be implemented. Whilethe description includes a general context of computer-executableinstructions, those skilled in the art will recognize that the claimedsubject matter also can be implemented in combination with other programmodules and/or as a combination of hardware and software.

Generally, applications (e.g., program modules) can include routines,programs, components, data structures, etc., that perform particulartasks or implement particular abstract data types. Moreover, thoseskilled in the art will appreciate that the inventive methods can bepracticed with other system configurations, including single-processoror multiprocessor systems, minicomputers, mainframe computers, as wellas personal computers, hand-held computing devices, microprocessor-basedor programmable consumer electronics, and the like, each of which can beoperatively coupled to one or more associated devices.

A computing device can typically include a variety of computer-readablemedia. Computer-readable media can be any available media that can beaccessed by the computer and includes both volatile and non-volatilemedia, removable and non-removable media. By way of example, and notlimitation, computer-readable media can comprise computer storage mediaand communication media. Computer storage media includes both volatileand non-volatile, removable and non-removable media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, data structures, program modules orother data. Computer storage media can include, but is not limited to,RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM,digital video disk (DVD) or other optical disk storage, magneticcassettes, magnetic tape, magnetic disk storage or other magneticstorage devices, or any other medium which can be used to store thedesired information and which can be accessed by the computer.

Communication media typically embodies computer-readable instructions,data structures, program modules or other data in a modulated datasignal such as a carrier wave or other transport mechanism, and includesany information delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media includes wired media such as awired network or direct-wired connection, and wireless media such asacoustic, RF, infrared and other wireless media. Combinations of the anyof the above should also be included within the scope ofcomputer-readable media.

The DMH 2300 (similar to client handset 104, 402, 2002) includes aprocessor 2302 for controlling and processing all onboard operations andfunctions. A memory 2304 interfaces to the processor 2302 for storage ofdata and one or more applications 2306 (e.g., a video player software,user feedback component software, etc.). Other applications can includevoice recognition of predetermined voice commands that facilitateinitiation of the user feedback signal, as well as those describedinfra. The applications 2306 can be stored in the memory 2304 and/or ina firmware 2308, and executed by the processor 2302 from either or boththe memory 2304 or/and the firmware 2308. The firmware 2308 can alsostore startup code for execution in initializing the DMH 2300. Acommunication component 2310 interfaces to the processor 2302 tofacilitate wired/wireless communication with external systems, e.g.,cellular networks, VoIP networks, and so on. Here, the communicationscomponent 2310 also includes a GSM transceiver 2311 and a WiFitransceiver 2313 for corresponding signal communications. The DMH 2300can be a device such as a cellular telephone, a PDA with mobilecommunications capabilities, and messaging-centric devices.

The DMH 2300 includes a display 2312 for displaying text, images, video,telephony functions (e.g., a Caller ID function), setup functions, andfor user input. The display 2312 can also accommodate the presentationof multimedia content. A serial I/O interface 2314 is provided incommunication with the processor 2302 to facilitate wired and/orwireless serial communications (e.g., USB, and/or IEEE 1394) via ahardwire connection, and other serial input devices (e.g., a keyboard,keypad, and mouse). This supports updating and troubleshooting the DMH2300, for example. Audio capabilities are provided with an audio I/Ocomponent 2316, which can include a speaker for the output of audiosignals related to, for example, indication that the user pressed theproper key or key combination to initiate the user feedback signal. Theaudio I/O component 2316 also facilitates the input of audio signals viaa microphone to record data and/or telephony voice data, and forinputting voice signals for telephone conversations.

The DMH 2300 can include a slot interface 2318 for accommodating a SIC(Subscriber Identity Component) in the form factor of a card SubscriberIdentity Module (SIM) or universal SIM 2320, and interfacing the SIMcard 2320 with the processor 2302. However, it is to be appreciated thatthe SIM card 2320 can be manufactured into the DMH 2300, and updated bydownloading data and software thereinto.

The DMH 2300 can process IP data traffic via the communication component2310 to accommodate IP traffic from an IP network such as, for example,the Internet, a corporate intranet, a home network, a person areanetwork, etc., via an ISP or broadband cable provider. Thus, VoIPtraffic can be utilized by the DMH 2300 and IP-based multimedia contentcan be received in either an encoded or decoded format.

A video processing component 2322 (e.g., a camera) can be provided fordecoding encoded multimedia content. The DMH 2300 also includes a powersource 2324 in the form of batteries and/or an AC power subsystem, whichpower source 2324 can interface to an external power system or chargingequipment (not shown) via a power I/O component 2326.

The DMH 2300 can also include a video component 2330 for processingvideo content received and, for recording and transmitting videocontent. A location tracking component 2332 facilitates geographicallylocating the DMH 2300. As described hereinabove, this can occur when theuser initiates the feedback signal automatically or manually. A userinput component 2334 facilitates the user initiating the qualityfeedback signal. The input component can include such conventional inputdevice technologies such as a keypad, keyboard, mouse, stylus pen, andtouch screen, for example.

Referring again to the applications 2306, a hysteresis component 2336facilitates the analysis and processing of hysteresis data, which isutilized to determine when to associate with the access point. Asoftware trigger component 2338 can be provided that facilitatestriggering of the hysteresis component 2338 when the WiFi transceiver2313 detects the beacon of the access point. A SIP client 2340 enablesthe DMH 2300 to support SIP protocols and register the subscriber withthe SIP registrar server.

The DMH 2300, as indicated supra related to the communications component2310, includes an indoor network radio transceiver 2313 (e.g., WiFitransceiver). This function supports the indoor radio link, such as IEEE802.11, for the dual-mode GSM handset 2300. The DMH 2300 can alsoinclude an internal analog terminal adapter (ATA) 2342 for interfacingto analog devices such as modems and fax machines, for example.Alternatively, or in addition to the internal ATA 2342, an external ATAmodule 2344 can be provided for the same purposes as the internal ATAmodule 2342.

Referring now to FIG. 24, there is illustrated a block diagram of acomputer operable to provide storage and access such as for the UNCand/or HSS. In order to provide additional context for various aspectsthereof, FIG. 24 and the following discussion are intended to provide abrief, general description of a suitable computing environment 2400 inwhich the various aspects of the innovation can be implemented. Whilethe description above is in the general context of computer-executableinstructions that may run on one or more computers, those skilled in theart will recognize that the innovation also can be implemented incombination with other program modules and/or as a combination ofhardware and software.

Generally, program modules include routines, programs, components, datastructures, etc., that perform particular tasks or implement particularabstract data types. Moreover, those skilled in the art will appreciatethat the inventive methods can be practiced with other computer systemconfigurations, including single-processor or multiprocessor computersystems, minicomputers, mainframe computers, as well as personalcomputers, hand-held computing devices, microprocessor-based orprogrammable consumer electronics, and the like, each of which can beoperatively coupled to one or more associated devices.

The illustrated aspects of the innovation may also be practiced indistributed computing environments where certain tasks are performed byremote processing devices that are linked through a communicationsnetwork. In a distributed computing environment, program modules can belocated in both local and remote memory storage devices.

A computer typically includes a variety of computer-readable media.Computer-readable media can be any available media that can be accessedby the computer and includes both volatile and non-volatile media,removable and non-removable media. By way of example, and notlimitation, computer-readable media can comprise computer storage mediaand communication media. Computer storage media includes both volatileand non-volatile, removable and non-removable media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, data structures, program modules orother data. Computer storage media includes, but is not limited to, RAM,ROM, EEPROM, flash memory or other memory technology, CD-ROM, digitalvideo disk (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can be accessed by the computer.

Communication media typically embodies computer-readable instructions,data structures, program modules or other data in a modulated datasignal such as a carrier wave or other transport mechanism, and includesany information delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media includes wired media such as awired network or direct-wired connection, and wireless media such asacoustic, RF, infrared and other wireless media. Combinations of the anyof the above should also be included within the scope ofcomputer-readable media.

With reference again to FIG. 24, the exemplary environment 2400 forimplementing various aspects includes a computer 2402, the computer 2402including a processing unit 2404, a system memory 2406 and a system bus2408. The system bus 2408 couples system components including, but notlimited to, the system memory 2406 to the processing unit 2404. Theprocessing unit 2404 can be any of various commercially availableprocessors. Dual microprocessors and other multi-processor architecturesmay also be employed as the processing unit 2404.

The system bus 2408 can be any of several types of bus structure thatmay further interconnect to a memory bus (with or without a memorycontroller), a peripheral bus, and a local bus using any of a variety ofcommercially available bus architectures. The system memory 2406includes read-only memory (ROM) 2410 and random access memory (RAM)2412. A basic input/output system (BIOS) is stored in a non-volatilememory 2410 such as ROM, EPROM, EEPROM, which BIOS contains the basicroutines that help to transfer information between elements within thecomputer 2402, such as during start-up. The RAM 2412 can also include ahigh-speed RAM such as static RAM for caching data.

The computer 2402 further includes an internal hard disk drive (HDD)2414 (e.g., EIDE, SATA), which internal hard disk drive 2414 may also beconfigured for external use in a suitable chassis (not shown), amagnetic floppy disk drive (FDD) 2416, (e.g., to read from or write to aremovable diskette 2418) and an optical disk drive 2420, (e.g., readinga CD-ROM disk 2422 or, to read from or write to other high capacityoptical media such as the DVD). The hard disk drive 2414, magnetic diskdrive 2416 and optical disk drive 2420 can be connected to the systembus 2408 by a hard disk drive interface 2424, a magnetic disk driveinterface 2426 and an optical drive interface 2428, respectively. Theinterface 2424 for external drive implementations includes at least oneor both of Universal Serial Bus (USB) and IEEE 1394 interfacetechnologies. Other external drive connection technologies are withincontemplation of the subject innovation.

The drives and their associated computer-readable media providenonvolatile storage of data, data structures, computer-executableinstructions, and so forth. For the computer 2402, the drives and mediaaccommodate the storage of any data in a suitable digital format.Although the description of computer-readable media above refers to aHDD, a removable magnetic diskette, and a removable optical media suchas a CD or DVD, it should be appreciated by those skilled in the artthat other types of media which are readable by a computer, such as zipdrives, magnetic cassettes, flash memory cards, cartridges, and thelike, may also be used in the exemplary operating environment, andfurther, that any such media may contain computer-executableinstructions for performing the methods of the disclosed innovation.

A number of program modules can be stored in the drives and RAM 2412,including an operating system 2430, one or more application programs2432, other program modules 2434 and program data 2436. All or portionsof the operating system, applications, modules, and/or data can also becached in the RAM 2412. It is to be appreciated that the innovation canbe implemented with various commercially available operating systems orcombinations of operating systems.

A user can enter commands and information into the computer 2402 throughone or more wired/wireless input devices, e.g., a keyboard 2438 and apointing device, such as a mouse 2440. Other input devices (not shown)may include a microphone, an IR remote control, a joystick, a game pad,a stylus pen, touch screen, or the like. These and other input devicesare often connected to the processing unit 2404 through an input deviceinterface 2442 that is coupled to the system bus 2408, but can beconnected by other interfaces, such as a parallel port, an IEEE 1394serial port, a game port, a USB port, an IR interface, etc.

A monitor 2444 or other type of display device is also connected to thesystem bus 2408 via an interface, such as a video adapter 2446. Inaddition to the monitor 2444, a computer typically includes otherperipheral output devices (not shown), such as speakers, printers, etc.

The computer 2402 may operate in a networked environment using logicalconnections via wired and/or wireless communications to one or moreremote computers, such as a remote computer(s) 2448. The remotecomputer(s) 2448 can be a workstation, a server computer, a router, apersonal computer, portable computer, microprocessor-based entertainmentappliance, a peer device or other common network node, and typicallyincludes many or all of the elements described relative to the computer2402, although, for purposes of brevity, only a memory/storage device2450 is illustrated. The logical connections depicted includewired/wireless connectivity to a local area network (LAN) 2452 and/orlarger networks, e.g., a wide area network (WAN) 2454. Such LAN and WANnetworking environments are commonplace in offices and companies, andfacilitate enterprise-wide computer networks, such as intranets, all ofwhich may connect to a global communications network, e.g., theInternet.

When used in a LAN networking environment, the computer 2402 isconnected to the local network 2452 through a wired and/or wirelesscommunication network interface or adapter 2456. The adaptor 2456 mayfacilitate wired or wireless communication to the LAN 2452, which mayalso include a wireless access point disposed thereon for communicatingwith the wireless adaptor 2456.

When used in a WAN networking environment, the computer 2402 can includea modem 2458, or is connected to a communications server on the WAN2454, or has other means for establishing communications over the WAN2454, such as by way of the Internet. The modem 2458, which can beinternal or external and a wired or wireless device, is connected to thesystem bus 2408 via the serial port interface 2442. In a networkedenvironment, program modules depicted relative to the computer 2402, orportions thereof, can be stored in the remote memory/storage device2450. It will be appreciated that the network connections shown areexemplary and other means of establishing a communications link betweenthe computers can be used.

The computer 2402 is operable to communicate with any wireless devicesor entities operatively disposed in wireless communication, e.g., aprinter, scanner, desktop and/or portable computer, portable dataassistant, communications satellite, any piece of equipment or locationassociated with a wirelessly detectable tag (e.g., a kiosk, news stand,restroom), and telephone. This includes at least WiFi and Bluetooth™wireless technologies. Thus, the communication can be a predefinedstructure as with a conventional network or simply an ad hoccommunication between at least two devices.

WiFi, or Wireless Fidelity, allows connection to the Internet from acouch at home, a bed in a hotel room, or a conference room at work,without wires. WiFi is a wireless technology similar to that used in acell phone that enables such devices, e.g., computers, to send andreceive data indoors and out; anywhere within the range of a basestation. WiFi networks use radio technologies called IEEE 802.11 (a, b,g, etc.) to provide secure, reliable, fast wireless connectivity. A WiFinetwork can be used to connect computers to each other, to the Internet,and to wired networks (which use IEEE 802.3 or Ethernet). WiFi networksoperate in the unlicensed 2.4 and 5 GHz radio bands, at an 11 Mbps(802.11a) or 54 Mbps (802.11b) data rate, for example, or with productsthat contain both bands (dual band), so the networks can providereal-world performance similar to the basic 10BaseT wired Ethernetnetworks used in many offices.

FIG. 25 illustrates an exemplary GSM network 2500 that facilitates DMSaccess control, location-based billing, and E911 mechanisms according toan innovative aspect. The GSM system, designed as a 2G cellularcommunications system, utilizes TDMA (time division multiple access)technology to enable greater call capacity. Digitally-encoded speech canalso be ciphered to retain call privacy. Voice calls are the primaryfunction of the GSM system. To achieve this, the speech is digitallyencoded, and later decoded using a vocoder.

GSM also supports a variety of other data services, although theperformance for such data services (e.g., facsimile videotext andteletext) is slow. One data service includes SMS that allowsbi-directional messaging, store-and-forward delivery, and alphanumericmessages. The overall system definition for GSM describes not only theair interface, but also the network. GSM uses 200 KHz RF channels, andare typically multiplexed to, for example, enable eight users to accesseach carrier.

The GSM network 2500 includes a base station subsystem (BSS) 2502, anetwork subsystem (NSS) 2504 and a GPRS core network 2506. The BSS 2502can include one or more base transceiver stations (BTS) 2508 and a basestation controller (BSC) 2510 connected together on an A-bis interface.The BTS and accompanying base stations (not shown) connect a cell phoneto a cellular network. Base stations are all interconnected tofacilitate roaming from one cell to another via a process calledhandover, without losing the cell connection.

A packet control unit (PCU) 2512 is shown connected to the BTS 2510although the exact position of this can depend on the vendorarchitecture. The BSS 2502 is connected by the air interface Um to amobile terminal 2514. The BTS 2508 are the actual transmitters andreceivers of radio signals. Typically, a BTS for anything other than apicocell will have several different transceivers (TRXs) which allow itto serve several different frequencies or even several different cells(in the case of sectorized base stations).

By using directional antennae on a base station, each pointing indifferent directions, it is possible to sectorise the base station sothat several different cells are served from the same location. Thisincreases the traffic capacity of the base station (each frequency cancarry eight voice channels) while not greatly increasing theinterference caused to neighboring cells (in any given direction, only asmall number of frequencies are being broadcast).

The BSC 2510 provides the intelligence behind the BTS 2508. Typically, aBSC can have tens or even hundreds of BTSs 2508 under its control. TheBSC 2510 handles allocation of radio channels, receives measurementsfrom the mobile phones, and controls handovers from BTS to BTS (exceptin the case of an inter-MSC handover in which case control is in partthe responsibility of the an MSC). One function of the BSC 2510 is toact as a concentrator such that many different low capacity connectionsto the BTS 2508 can become reduced to a smaller number of connectionstowards the MSC. Generally, this means that networks are oftenstructured to have many BSCs 2510 distributed into regions near the BTS2508 which are then connected to large centralized MSC sites.

The PCU 2512 can perform some of the equivalent tasks of the BSC 2510.The allocation of channels between voice and data can be controlled bythe base station, but once a channel is allocated to the PCU 2512, thePCU 2512 takes full control over that channel. The PCU 2512 can be builtinto the base station, built into the BSC, or even in somearchitectures, it can be at an SGSN site.

The BSS 2502 connects to the NSS 2504 by an A interface. The NSS 2504 isshown containing an MSC 2516 connected via an SS7 network 2518 to an HLR2520. The AuC and the EIR, although technically separate functions fromthe HLR 2520, are shown together since combining them can be performedin the network.

The combination of a cell phone 2514 and a SIM card (not shown) createsa special digital “signature” that includes a subscriber number which issent from the cell phone 2514 to the nearest BTS 2508 asking that thesubscriber of a particular network be allowed to use the network. Therequest is passed on along the network of BTS 2508 to the heart of acellular network, the MSC 2516. The MSC also routes all incoming andoutgoing calls to and from the fixed-line networks or other cellularnetworks. When the user wants to make an outgoing call, another sectionof the MSC called the VLR checks whether the caller is actually allowedto make that call. For example, if the caller is barred forinternational dialing, a message to that effect will be generated by theVLR, sent along the network, and almost instantly back to the cellphone.

The MSC 2516 also contains the component called HLR 2520 that providesthe administrative information required to authenticate, register andlocate the caller as that network's subscriber. Once the HLR hasreceived a log-on request, the HLR 2520 immediately checks the special“signature” contained in the request against the HLR special subscriberdatabase. If the subscription is current, the MSC 2516 sends a messageback to the phone via the network of BTS 2508 that indicates the calleris allowed to access the network. The name or code of that network willappear on the LCD screen of the cell phone 2514. Once this network“name” message appears on the phone LCD screen, it means the caller isconnected to the network and able to make and receive calls.

The HLR 2520 registers which base station the cell phone is currentlyconnected to, so that when the network MSC 2516 needs to route anincoming call to the cell phone number, it will first check the HLR 2520to see where the cell phone is located. Periodically, the cell phonewill send a message to the network indicating where it is, in a processcalled polling. The combination of the tracking function and thecaller's unique digital signature allows the MSC 2516 to route that callto the precise base station the cell phone happens to be connected to,and then exclusively to the cell phone, even if a number of othersubscribers are simultaneously connected to that base station.

When traveling to another cell while driving, for example, the HLR 2520is automatically updated, and continues to monitor where exactly itshould route the calls should the caller then move within range ofanother base station. This routing procedure means that out of hundredsof thousands of subscribers, only the correct cell phone will ring whennecessary.

The NSS 2504 has a direct connection to the PSTN 2522 from the MSC 2516.There is also a connection to from the NSS 2504 to the GPRS core network2506 via a Gr/Gs interface although this is optional and not alwaysimplemented. The illustrated GPRS Core Network 2506 is simplified toinclude a SGSN 2524 (connected to the BSS 2502 by the Gb interface) anda GGSN 2526. The SGSN 2524 and the GGSN 2526 are connected together by aprivate IP network 2528 called a GPRS backbone shown as the Gn referencepoint. A computer 2530 is depicted as connecting to the core network2506 via an Internet or corporate network 2532.

Some voice mail systems are linked to a network SMS Center (SMSC), aspecial facility that handles short messages. The SMSC generates thespecial SMS message that notifies the caller when they have mail waitingin a Mailbox. SMS messages can be received on an SMS-capable cell phoneeven while the caller is on a voice call. This is because the SMSmessages are sent on a different radio frequency, the GSM data channel,than voice calls, so that the two never interfere.

What has been described above includes examples of claimed subjectmatter. It is, of course, not possible to describe every conceivablecombination of components and/or methodologies, but one of ordinaryskill in the art may recognize that many further combinations andpermutations are possible. Accordingly, the claimed subject matter isintended to embrace all such alterations, modifications and variationsthat fall within the spirit and scope of the appended claims.Furthermore, to the extent that the term “includes” is used in eitherthe detailed description or the claims, such term is intended to beinclusive in a manner similar to the term “comprising” as “comprising”is interpreted when employed as a transitional word in a claim.

1. A system that facilitates controlling network access, comprising: alookup component that determines an approximate geographic locationassociated with a public originating IP address, the public originatingIP address is associated with a request for dual mode services made by adual mode client; and a comparison component that compares theapproximate geographic location with a retained geographic locationassociated with the dual mode client and determines whether to enabledual mode services based at least in part upon the comparison.
 2. Thesystem of claim 1, the lookup component utilizes a service thatdetermines a street address of an IP service provider based at least inpart upon the public originating IP address.
 3. The system of claim 1,the request for dual mode services is made with respect to a DSLbroadband network.
 4. The system of claim 1, the request for dual modeservices is made with respect to a cable broadband network.
 5. Thesystem of claim 1, the request for dual mode services is made withrespect to a WiMAX broadband network.
 6. The system of claim 1, therequest for dual mode services is additionally associated with a MACaddress of an access point desirably utilized to connect to a broadbandnetwork, the comparison component compares the MAC address with aretained MAC assigned to the dual mode client and determines whether toenable dual mode services based at least in part upon the comparison. 7.The system of claim 6, the access point is one of a wireless router anda wireless repeater.
 8. The system of claim 1, the request is initiatedupon the dual mode client detecting WiFi signals associated with anaccess point to a broadband network.
 9. The system of claim 1, furthercomprising a billing component that bills a subscriber based at least inpart upon the comparison.
 10. The system of claim 9, the billingcomponent bills at a first rate if the dual mode client is authorized toutilize dual mode services and bills at a second rate if the dual modeclient is not authorized to utilize dual mode services.
 11. The systemof claim 1, further comprising a service update component thatfacilitates updating geographic locations with respect to which the dualmode client is authorized to employ dual mode services.
 12. The systemof claim 11, the service update component generates a graphical userinterface that provides a subscriber with updating options relating toauthorized geographic locations.
 13. The system of claim 12, furthercomprising a billing component that charges the subscriber a fee if thesubscriber updates authorized geographic locations associated therewith.14. A method for controlling access to a network, comprising: receivingan IP data packet associated with a multi-mode client, the IP datapacket includes a public originating IP address associated with an IPservice provider; determining an approximate geographic location of themulti-mode client through utilization of the public originating IPaddress; comparing the determined approximate geographic location withan authorized geographic location assigned to the multi-mode client; anddetermining whether to enable the multi-mode client to employ dual modeservices based at least in part upon the comparison.
 15. The method ofclaim 14, further comprising preventing access to dual mode services ifthe approximate geographic location and the authorized geographiclocation do not match.
 16. The method of claim 14, the approximategeographic location is an identity of a city.
 17. The method of claim14, the IP data packet is received by way of one of a DSL and cablerouter.
 18. The method of claim 14, further comprising billing asubscriber that utilizes the multi-mode client according to thecomparison.
 19. The method of claim 14, further comprising requestingadditional payment from a subscriber that utilizes the multi-mode clientto enable authorization of a geographic location if the approximategeographic location and the authorized geographic location do not match.20. A system that facilitates control of access to a network,comprising: means for determining an approximate geographic location ofa dual-mode client that is requesting dual mode services based at leastin part upon a public originating IP address; and means for determiningwhether to allow the dual-mode client to utilize dual mode servicesbased at least in part upon a comparison of the approximate geographiclocation with an authorized geographic location.